// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.

#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]
#![no_implicit_prelude]
extern crate accesscontextmanager_type;
extern crate async_trait;
extern crate bytes;
extern crate gax;
extern crate gaxi;
extern crate gtype;
extern crate iam_v1;
extern crate lazy_static;
extern crate longrunning;
extern crate lro;
extern crate reqwest;
extern crate serde;
extern crate serde_json;
extern crate serde_with;
extern crate std;
extern crate tracing;
extern crate wkt;

mod debug;
mod deserialize;
mod serialize;

/// A request to list all `AccessPolicies` for a container.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListAccessPoliciesRequest {
    /// Required. Resource name for the container to list AccessPolicy instances
    /// from.
    ///
    /// Format:
    /// `organizations/{org_id}`
    pub parent: std::string::String,

    /// Number of AccessPolicy instances to include in the list. Default 100.
    pub page_size: i32,

    /// Next page token for the next batch of AccessPolicy instances. Defaults to
    /// the first page of results.
    pub page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAccessPoliciesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListAccessPoliciesRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListAccessPoliciesRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListAccessPoliciesRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListAccessPoliciesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest"
    }
}

/// A response to `ListAccessPoliciesRequest`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListAccessPoliciesResponse {
    /// List of the AccessPolicy instances.
    pub access_policies: std::vec::Vec<crate::model::AccessPolicy>,

    /// The pagination token to retrieve the next page of results. If the value is
    /// empty, no further results remain.
    pub next_page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAccessPoliciesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [access_policies][crate::model::ListAccessPoliciesResponse::access_policies].
    pub fn set_access_policies<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AccessPolicy>,
    {
        use std::iter::Iterator;
        self.access_policies = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListAccessPoliciesResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListAccessPoliciesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListAccessPoliciesResponse {
    type PageItem = crate::model::AccessPolicy;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.access_policies
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// A request to get a particular `AccessPolicy`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetAccessPolicyRequest {
    /// Required. Resource name for the access policy to get.
    ///
    /// Format `accessPolicies/{policy_id}`
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetAccessPolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetAccessPolicyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetAccessPolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GetAccessPolicyRequest"
    }
}

/// A request to update an `AccessPolicy`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateAccessPolicyRequest {
    /// Required. The updated AccessPolicy.
    pub policy: std::option::Option<crate::model::AccessPolicy>,

    /// Required. Mask to control which fields get updated. Must be non-empty.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateAccessPolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [policy][crate::model::UpdateAccessPolicyRequest::policy].
    pub fn set_policy<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::AccessPolicy>,
    {
        self.policy = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [policy][crate::model::UpdateAccessPolicyRequest::policy].
    pub fn set_or_clear_policy<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::AccessPolicy>,
    {
        self.policy = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateAccessPolicyRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateAccessPolicyRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateAccessPolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest"
    }
}

/// A request to delete an `AccessPolicy`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteAccessPolicyRequest {
    /// Required. Resource name for the access policy to delete.
    ///
    /// Format `accessPolicies/{policy_id}`
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteAccessPolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteAccessPolicyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DeleteAccessPolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest"
    }
}

/// A request to list all `AccessLevels` in an `AccessPolicy`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListAccessLevelsRequest {
    /// Required. Resource name for the access policy to list [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] from.
    ///
    /// Format:
    /// `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Number of [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] to include in
    /// the list. Default 100.
    pub page_size: i32,

    /// Next page token for the next batch of [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
    /// Defaults to the first page of results.
    pub page_token: std::string::String,

    /// Whether to return `BasicLevels` in the Cloud Common Expression language, as
    /// `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
    /// `AccessLevels` in the format they were defined.
    pub access_level_format: crate::model::LevelFormat,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAccessLevelsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListAccessLevelsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListAccessLevelsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListAccessLevelsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [access_level_format][crate::model::ListAccessLevelsRequest::access_level_format].
    pub fn set_access_level_format<T: std::convert::Into<crate::model::LevelFormat>>(
        mut self,
        v: T,
    ) -> Self {
        self.access_level_format = v.into();
        self
    }
}

impl wkt::message::Message for ListAccessLevelsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListAccessLevelsRequest"
    }
}

/// A response to `ListAccessLevelsRequest`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListAccessLevelsResponse {
    /// List of the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
    pub access_levels: std::vec::Vec<crate::model::AccessLevel>,

    /// The pagination token to retrieve the next page of results. If the value is
    /// empty, no further results remain.
    pub next_page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAccessLevelsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [access_levels][crate::model::ListAccessLevelsResponse::access_levels].
    pub fn set_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AccessLevel>,
    {
        use std::iter::Iterator;
        self.access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListAccessLevelsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListAccessLevelsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListAccessLevelsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListAccessLevelsResponse {
    type PageItem = crate::model::AccessLevel;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.access_levels
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// A request to get a particular `AccessLevel`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetAccessLevelRequest {
    /// Required. Resource name for the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel].
    ///
    /// Format:
    /// `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
    pub name: std::string::String,

    /// Whether to return `BasicLevels` in the Cloud Common Expression
    /// Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
    /// [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
    /// are returned as `BasicLevels` or `CustomLevels` based on how they were
    /// created. If set to CEL, all [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] are returned as
    /// `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
    /// `CustomLevels`.
    pub access_level_format: crate::model::LevelFormat,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetAccessLevelRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetAccessLevelRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [access_level_format][crate::model::GetAccessLevelRequest::access_level_format].
    pub fn set_access_level_format<T: std::convert::Into<crate::model::LevelFormat>>(
        mut self,
        v: T,
    ) -> Self {
        self.access_level_format = v.into();
        self
    }
}

impl wkt::message::Message for GetAccessLevelRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GetAccessLevelRequest"
    }
}

/// A request to create an `AccessLevel`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateAccessLevelRequest {
    /// Required. Resource name for the access policy which owns this [Access
    /// Level] [google.identity.accesscontextmanager.v1.AccessLevel].
    ///
    /// Format: `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Required. The [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] to create.
    /// Syntactic correctness of the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] is a
    /// precondition for creation.
    pub access_level: std::option::Option<crate::model::AccessLevel>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateAccessLevelRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateAccessLevelRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [access_level][crate::model::CreateAccessLevelRequest::access_level].
    pub fn set_access_level<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::AccessLevel>,
    {
        self.access_level = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [access_level][crate::model::CreateAccessLevelRequest::access_level].
    pub fn set_or_clear_access_level<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::AccessLevel>,
    {
        self.access_level = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateAccessLevelRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CreateAccessLevelRequest"
    }
}

/// A request to update an `AccessLevel`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateAccessLevelRequest {
    /// Required. The updated [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic
    /// correctness of the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] is a
    /// precondition for creation.
    pub access_level: std::option::Option<crate::model::AccessLevel>,

    /// Required. Mask to control which fields get updated. Must be non-empty.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateAccessLevelRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [access_level][crate::model::UpdateAccessLevelRequest::access_level].
    pub fn set_access_level<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::AccessLevel>,
    {
        self.access_level = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [access_level][crate::model::UpdateAccessLevelRequest::access_level].
    pub fn set_or_clear_access_level<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::AccessLevel>,
    {
        self.access_level = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateAccessLevelRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateAccessLevelRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateAccessLevelRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest"
    }
}

/// A request to delete an `AccessLevel`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteAccessLevelRequest {
    /// Required. Resource name for the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel].
    ///
    /// Format:
    /// `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteAccessLevelRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteAccessLevelRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DeleteAccessLevelRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest"
    }
}

/// A request to replace all existing Access Levels in an Access Policy with
/// the Access Levels provided. This is done atomically.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ReplaceAccessLevelsRequest {
    /// Required. Resource name for the access policy which owns these
    /// [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel].
    ///
    /// Format: `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Required. The desired [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] that should
    /// replace all existing [Access Levels]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] in the
    /// [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy].
    pub access_levels: std::vec::Vec<crate::model::AccessLevel>,

    /// Optional. The etag for the version of the [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
    /// replace operation is to be performed on. If, at the time of replace, the
    /// etag for the Access Policy stored in Access Context Manager is different
    /// from the specified etag, then the replace operation will not be performed
    /// and the call will fail. This field is not required. If etag is not
    /// provided, the operation will be performed as if a valid etag is provided.
    pub etag: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ReplaceAccessLevelsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ReplaceAccessLevelsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [access_levels][crate::model::ReplaceAccessLevelsRequest::access_levels].
    pub fn set_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AccessLevel>,
    {
        use std::iter::Iterator;
        self.access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [etag][crate::model::ReplaceAccessLevelsRequest::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }
}

impl wkt::message::Message for ReplaceAccessLevelsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest"
    }
}

/// A response to ReplaceAccessLevelsRequest. This will be put inside of
/// Operation.response field.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ReplaceAccessLevelsResponse {
    /// List of the [Access Level]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] instances.
    pub access_levels: std::vec::Vec<crate::model::AccessLevel>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ReplaceAccessLevelsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [access_levels][crate::model::ReplaceAccessLevelsResponse::access_levels].
    pub fn set_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AccessLevel>,
    {
        use std::iter::Iterator;
        self.access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ReplaceAccessLevelsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse"
    }
}

/// A request to list all `ServicePerimeters` in an `AccessPolicy`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListServicePerimetersRequest {
    /// Required. Resource name for the access policy to list [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
    ///
    /// Format:
    /// `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Number of [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
    /// in the list. Default 100.
    pub page_size: i32,

    /// Next page token for the next batch of [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
    /// Defaults to the first page of results.
    pub page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListServicePerimetersRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListServicePerimetersRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListServicePerimetersRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListServicePerimetersRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListServicePerimetersRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListServicePerimetersRequest"
    }
}

/// A response to `ListServicePerimetersRequest`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListServicePerimetersResponse {
    /// List of the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
    pub service_perimeters: std::vec::Vec<crate::model::ServicePerimeter>,

    /// The pagination token to retrieve the next page of results. If the value is
    /// empty, no further results remain.
    pub next_page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListServicePerimetersResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [service_perimeters][crate::model::ListServicePerimetersResponse::service_perimeters].
    pub fn set_service_perimeters<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ServicePerimeter>,
    {
        use std::iter::Iterator;
        self.service_perimeters = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListServicePerimetersResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListServicePerimetersResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListServicePerimetersResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListServicePerimetersResponse {
    type PageItem = crate::model::ServicePerimeter;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.service_perimeters
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// A request to get a particular `ServicePerimeter`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetServicePerimeterRequest {
    /// Required. Resource name for the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
    ///
    /// Format:
    /// `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetServicePerimeterRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetServicePerimeterRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetServicePerimeterRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GetServicePerimeterRequest"
    }
}

/// A request to create a `ServicePerimeter`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateServicePerimeterRequest {
    /// Required. Resource name for the access policy which owns this [Service
    /// Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
    ///
    /// Format: `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Required. The [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] to create.
    /// Syntactic correctness of the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] is a
    /// precondition for creation.
    pub service_perimeter: std::option::Option<crate::model::ServicePerimeter>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateServicePerimeterRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateServicePerimeterRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [service_perimeter][crate::model::CreateServicePerimeterRequest::service_perimeter].
    pub fn set_service_perimeter<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeter>,
    {
        self.service_perimeter = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [service_perimeter][crate::model::CreateServicePerimeterRequest::service_perimeter].
    pub fn set_or_clear_service_perimeter<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeter>,
    {
        self.service_perimeter = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateServicePerimeterRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest"
    }
}

/// A request to update a `ServicePerimeter`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateServicePerimeterRequest {
    /// Required. The updated `ServicePerimeter`. Syntactic correctness of the
    /// `ServicePerimeter` is a precondition for creation.
    pub service_perimeter: std::option::Option<crate::model::ServicePerimeter>,

    /// Required. Mask to control which fields get updated. Must be non-empty.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateServicePerimeterRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [service_perimeter][crate::model::UpdateServicePerimeterRequest::service_perimeter].
    pub fn set_service_perimeter<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeter>,
    {
        self.service_perimeter = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [service_perimeter][crate::model::UpdateServicePerimeterRequest::service_perimeter].
    pub fn set_or_clear_service_perimeter<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeter>,
    {
        self.service_perimeter = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateServicePerimeterRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateServicePerimeterRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateServicePerimeterRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest"
    }
}

/// A request to delete a `ServicePerimeter`.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteServicePerimeterRequest {
    /// Required. Resource name for the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
    ///
    /// Format:
    /// `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteServicePerimeterRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteServicePerimeterRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DeleteServicePerimeterRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest"
    }
}

/// A request to replace all existing Service Perimeters in an Access Policy
/// with the Service Perimeters provided. This is done atomically.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ReplaceServicePerimetersRequest {
    /// Required. Resource name for the access policy which owns these
    /// [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
    ///
    /// Format: `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Required. The desired [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] that should
    /// replace all existing [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] in the
    /// [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy].
    pub service_perimeters: std::vec::Vec<crate::model::ServicePerimeter>,

    /// Optional. The etag for the version of the [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
    /// replace operation is to be performed on. If, at the time of replace, the
    /// etag for the Access Policy stored in Access Context Manager is different
    /// from the specified etag, then the replace operation will not be performed
    /// and the call will fail. This field is not required. If etag is not
    /// provided, the operation will be performed as if a valid etag is provided.
    pub etag: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ReplaceServicePerimetersRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ReplaceServicePerimetersRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [service_perimeters][crate::model::ReplaceServicePerimetersRequest::service_perimeters].
    pub fn set_service_perimeters<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ServicePerimeter>,
    {
        use std::iter::Iterator;
        self.service_perimeters = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [etag][crate::model::ReplaceServicePerimetersRequest::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }
}

impl wkt::message::Message for ReplaceServicePerimetersRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest"
    }
}

/// A response to ReplaceServicePerimetersRequest. This will be put inside of
/// Operation.response field.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ReplaceServicePerimetersResponse {
    /// List of the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
    pub service_perimeters: std::vec::Vec<crate::model::ServicePerimeter>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ReplaceServicePerimetersResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [service_perimeters][crate::model::ReplaceServicePerimetersResponse::service_perimeters].
    pub fn set_service_perimeters<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ServicePerimeter>,
    {
        use std::iter::Iterator;
        self.service_perimeters = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ReplaceServicePerimetersResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse"
    }
}

/// A request to commit dry-run specs in all [Service Perimeters]
/// [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to
/// an [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
///
/// [google.identity.accesscontextmanager.v1.AccessPolicy]: crate::model::AccessPolicy
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CommitServicePerimetersRequest {
    /// Required. Resource name for the parent [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
    /// [Service Perimeters]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
    /// the commit operation.
    ///
    /// Format: `accessPolicies/{policy_id}`
    pub parent: std::string::String,

    /// Optional. The etag for the version of the [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy] that this
    /// commit operation is to be performed on. If, at the time of commit, the
    /// etag for the Access Policy stored in Access Context Manager is different
    /// from the specified etag, then the commit operation will not be performed
    /// and the call will fail. This field is not required. If etag is not
    /// provided, the operation will be performed as if a valid etag is provided.
    pub etag: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CommitServicePerimetersRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CommitServicePerimetersRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [etag][crate::model::CommitServicePerimetersRequest::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }
}

impl wkt::message::Message for CommitServicePerimetersRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest"
    }
}

/// A response to CommitServicePerimetersRequest. This will be put inside of
/// Operation.response field.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CommitServicePerimetersResponse {
    /// List of all the [Service Perimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] instances in
    /// the [Access Policy]
    /// [google.identity.accesscontextmanager.v1.AccessPolicy].
    pub service_perimeters: std::vec::Vec<crate::model::ServicePerimeter>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CommitServicePerimetersResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [service_perimeters][crate::model::CommitServicePerimetersResponse::service_perimeters].
    pub fn set_service_perimeters<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ServicePerimeter>,
    {
        use std::iter::Iterator;
        self.service_perimeters = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for CommitServicePerimetersResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse"
    }
}

/// Request of [ListGcpUserAccessBindings]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListGcpUserAccessBindingsRequest {
    /// Required. Example: "organizations/256"
    pub parent: std::string::String,

    /// Optional. Maximum number of items to return. The server may return fewer items.
    /// If left blank, the server may return any number of items.
    pub page_size: i32,

    /// Optional. If left blank, returns the first page. To enumerate all items, use the
    /// [next_page_token]
    /// [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
    /// from your previous list operation.
    pub page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListGcpUserAccessBindingsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListGcpUserAccessBindingsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListGcpUserAccessBindingsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListGcpUserAccessBindingsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListGcpUserAccessBindingsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest"
    }
}

/// Response of [ListGcpUserAccessBindings]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListGcpUserAccessBindingsResponse {
    /// [GcpUserAccessBinding]
    /// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
    pub gcp_user_access_bindings: std::vec::Vec<crate::model::GcpUserAccessBinding>,

    /// Token to get the next page of items. If blank, there are no more items.
    pub next_page_token: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListGcpUserAccessBindingsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [gcp_user_access_bindings][crate::model::ListGcpUserAccessBindingsResponse::gcp_user_access_bindings].
    pub fn set_gcp_user_access_bindings<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::GcpUserAccessBinding>,
    {
        use std::iter::Iterator;
        self.gcp_user_access_bindings = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListGcpUserAccessBindingsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListGcpUserAccessBindingsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListGcpUserAccessBindingsResponse {
    type PageItem = crate::model::GcpUserAccessBinding;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.gcp_user_access_bindings
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request of [GetGcpUserAccessBinding]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetGcpUserAccessBindingRequest {
    /// Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetGcpUserAccessBindingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetGcpUserAccessBindingRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetGcpUserAccessBindingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest"
    }
}

/// Request of [CreateGcpUserAccessBinding]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateGcpUserAccessBindingRequest {
    /// Required. Example: "organizations/256"
    pub parent: std::string::String,

    /// Required. [GcpUserAccessBinding]
    /// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
    pub gcp_user_access_binding: std::option::Option<crate::model::GcpUserAccessBinding>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateGcpUserAccessBindingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateGcpUserAccessBindingRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [gcp_user_access_binding][crate::model::CreateGcpUserAccessBindingRequest::gcp_user_access_binding].
    pub fn set_gcp_user_access_binding<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::GcpUserAccessBinding>,
    {
        self.gcp_user_access_binding = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [gcp_user_access_binding][crate::model::CreateGcpUserAccessBindingRequest::gcp_user_access_binding].
    pub fn set_or_clear_gcp_user_access_binding<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::GcpUserAccessBinding>,
    {
        self.gcp_user_access_binding = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CreateGcpUserAccessBindingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest"
    }
}

/// Request of [UpdateGcpUserAccessBinding]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateGcpUserAccessBindingRequest {
    /// Required. [GcpUserAccessBinding]
    /// [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
    pub gcp_user_access_binding: std::option::Option<crate::model::GcpUserAccessBinding>,

    /// Required. Only the fields specified in this mask are updated. Because name and
    /// group_key cannot be changed, update_mask is required and must always be:
    ///
    /// update_mask {
    /// paths: "access_levels"
    /// }
    pub update_mask: std::option::Option<wkt::FieldMask>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateGcpUserAccessBindingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [gcp_user_access_binding][crate::model::UpdateGcpUserAccessBindingRequest::gcp_user_access_binding].
    pub fn set_gcp_user_access_binding<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::GcpUserAccessBinding>,
    {
        self.gcp_user_access_binding = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [gcp_user_access_binding][crate::model::UpdateGcpUserAccessBindingRequest::gcp_user_access_binding].
    pub fn set_or_clear_gcp_user_access_binding<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::GcpUserAccessBinding>,
    {
        self.gcp_user_access_binding = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateGcpUserAccessBindingRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateGcpUserAccessBindingRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for UpdateGcpUserAccessBindingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest"
    }
}

/// Request of [DeleteGcpUserAccessBinding]
/// [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteGcpUserAccessBindingRequest {
    /// Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteGcpUserAccessBindingRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteGcpUserAccessBindingRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DeleteGcpUserAccessBindingRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest"
    }
}

/// Currently, a completed operation means nothing. In the future, this metadata
/// and a completed operation may indicate that the binding has taken effect and
/// is affecting access decisions for all users.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GcpUserAccessBindingOperationMetadata {
    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GcpUserAccessBindingOperationMetadata {
    pub fn new() -> Self {
        std::default::Default::default()
    }
}

impl wkt::message::Message for GcpUserAccessBindingOperationMetadata {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata"
    }
}

/// Metadata of Access Context Manager's Long Running Operations.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AccessContextManagerOperationMetadata {
    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AccessContextManagerOperationMetadata {
    pub fn new() -> Self {
        std::default::Default::default()
    }
}

impl wkt::message::Message for AccessContextManagerOperationMetadata {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata"
    }
}

/// An `AccessLevel` is a label that can be applied to requests to Google Cloud
/// services, along with a list of requirements necessary for the label to be
/// applied.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AccessLevel {
    /// Required. Resource name for the Access Level. The `short_name` component
    /// must begin with a letter and only include alphanumeric and '_'. Format:
    /// `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum
    /// length of the `access_level` component is 50 characters.
    pub name: std::string::String,

    /// Human readable title. Must be unique within the Policy.
    pub title: std::string::String,

    /// Description of the `AccessLevel` and its use. Does not affect behavior.
    pub description: std::string::String,

    /// Output only. Time the `AccessLevel` was created in UTC.
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. Time the `AccessLevel` was updated in UTC.
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Required. Describes the necessary conditions for the level to apply.
    pub level: std::option::Option<crate::model::access_level::Level>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AccessLevel {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::AccessLevel::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [title][crate::model::AccessLevel::title].
    pub fn set_title<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.title = v.into();
        self
    }

    /// Sets the value of [description][crate::model::AccessLevel::description].
    pub fn set_description<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.description = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::AccessLevel::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::AccessLevel::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::AccessLevel::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::AccessLevel::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [level][crate::model::AccessLevel::level].
    ///
    /// Note that all the setters affecting `level` are mutually
    /// exclusive.
    pub fn set_level<
        T: std::convert::Into<std::option::Option<crate::model::access_level::Level>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.level = v.into();
        self
    }

    /// The value of [level][crate::model::AccessLevel::level]
    /// if it holds a `Basic`, `None` if the field is not set or
    /// holds a different branch.
    pub fn basic(&self) -> std::option::Option<&std::boxed::Box<crate::model::BasicLevel>> {
        #[allow(unreachable_patterns)]
        self.level.as_ref().and_then(|v| match v {
            crate::model::access_level::Level::Basic(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [level][crate::model::AccessLevel::level]
    /// to hold a `Basic`.
    ///
    /// Note that all the setters affecting `level` are
    /// mutually exclusive.
    pub fn set_basic<T: std::convert::Into<std::boxed::Box<crate::model::BasicLevel>>>(
        mut self,
        v: T,
    ) -> Self {
        self.level = std::option::Option::Some(crate::model::access_level::Level::Basic(v.into()));
        self
    }

    /// The value of [level][crate::model::AccessLevel::level]
    /// if it holds a `Custom`, `None` if the field is not set or
    /// holds a different branch.
    pub fn custom(&self) -> std::option::Option<&std::boxed::Box<crate::model::CustomLevel>> {
        #[allow(unreachable_patterns)]
        self.level.as_ref().and_then(|v| match v {
            crate::model::access_level::Level::Custom(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [level][crate::model::AccessLevel::level]
    /// to hold a `Custom`.
    ///
    /// Note that all the setters affecting `level` are
    /// mutually exclusive.
    pub fn set_custom<T: std::convert::Into<std::boxed::Box<crate::model::CustomLevel>>>(
        mut self,
        v: T,
    ) -> Self {
        self.level = std::option::Option::Some(crate::model::access_level::Level::Custom(v.into()));
        self
    }
}

impl wkt::message::Message for AccessLevel {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.AccessLevel"
    }
}

/// Defines additional types related to [AccessLevel].
pub mod access_level {
    #[allow(unused_imports)]
    use super::*;

    /// Required. Describes the necessary conditions for the level to apply.
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum Level {
        /// A `BasicLevel` composed of `Conditions`.
        Basic(std::boxed::Box<crate::model::BasicLevel>),
        /// A `CustomLevel` written in the Common Expression Language.
        Custom(std::boxed::Box<crate::model::CustomLevel>),
    }
}

/// `BasicLevel` is an `AccessLevel` using a set of recommended features.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct BasicLevel {
    /// Required. A list of requirements for the `AccessLevel` to be granted.
    pub conditions: std::vec::Vec<crate::model::Condition>,

    /// How the `conditions` list should be combined to determine if a request is
    /// granted this `AccessLevel`. If AND is used, each `Condition` in
    /// `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
    /// is used, at least one `Condition` in `conditions` must be satisfied for the
    /// `AccessLevel` to be applied. Default behavior is AND.
    pub combining_function: crate::model::basic_level::ConditionCombiningFunction,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl BasicLevel {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [conditions][crate::model::BasicLevel::conditions].
    pub fn set_conditions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::Condition>,
    {
        use std::iter::Iterator;
        self.conditions = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [combining_function][crate::model::BasicLevel::combining_function].
    pub fn set_combining_function<
        T: std::convert::Into<crate::model::basic_level::ConditionCombiningFunction>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.combining_function = v.into();
        self
    }
}

impl wkt::message::Message for BasicLevel {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.BasicLevel"
    }
}

/// Defines additional types related to [BasicLevel].
pub mod basic_level {
    #[allow(unused_imports)]
    use super::*;

    /// Options for how the `conditions` list should be combined to determine if
    /// this `AccessLevel` is applied. Default is AND.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum ConditionCombiningFunction {
        /// All `Conditions` must be true for the `BasicLevel` to be true.
        And,
        /// If at least one `Condition` is true, then the `BasicLevel` is true.
        Or,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [ConditionCombiningFunction::value] or
        /// [ConditionCombiningFunction::name].
        UnknownValue(condition_combining_function::UnknownValue),
    }

    #[doc(hidden)]
    pub mod condition_combining_function {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl ConditionCombiningFunction {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::And => std::option::Option::Some(0),
                Self::Or => std::option::Option::Some(1),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::And => std::option::Option::Some("AND"),
                Self::Or => std::option::Option::Some("OR"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for ConditionCombiningFunction {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for ConditionCombiningFunction {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for ConditionCombiningFunction {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::And,
                1 => Self::Or,
                _ => Self::UnknownValue(condition_combining_function::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for ConditionCombiningFunction {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "AND" => Self::And,
                "OR" => Self::Or,
                _ => Self::UnknownValue(condition_combining_function::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for ConditionCombiningFunction {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::And => serializer.serialize_i32(0),
                Self::Or => serializer.serialize_i32(1),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for ConditionCombiningFunction {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<ConditionCombiningFunction>::new(
                ".google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction"))
        }
    }
}

/// A condition necessary for an `AccessLevel` to be granted. The Condition is an
/// AND over its fields. So a Condition is true if: 1) the request IP is from one
/// of the listed subnetworks AND 2) the originating device complies with the
/// listed device policy AND 3) all listed access levels are granted AND 4) the
/// request was sent at a time allowed by the DateTimeRestriction.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct Condition {
    /// CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
    /// a CIDR IP address block, the specified IP address portion must be properly
    /// truncated (i.e. all the host bits must be zero) or the input is considered
    /// malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
    /// not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
    /// "2001:db8::1/32" is not. The originating IP of a request must be in one of
    /// the listed subnets in order for this Condition to be true. If empty, all IP
    /// addresses are allowed.
    pub ip_subnetworks: std::vec::Vec<std::string::String>,

    /// Device specific restrictions, all restrictions must hold for the
    /// Condition to be true. If not specified, all devices are allowed.
    pub device_policy: std::option::Option<crate::model::DevicePolicy>,

    /// A list of other access levels defined in the same `Policy`, referenced by
    /// resource name. Referencing an `AccessLevel` which does not exist is an
    /// error. All access levels listed must be granted for the Condition
    /// to be true. Example:
    /// "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
    pub required_access_levels: std::vec::Vec<std::string::String>,

    /// Whether to negate the Condition. If true, the Condition becomes a NAND over
    /// its non-empty fields, each field must be false for the Condition overall to
    /// be satisfied. Defaults to false.
    pub negate: bool,

    /// The request must be made by one of the provided user or service
    /// accounts. Groups are not supported.
    /// Syntax:
    /// `user:{emailid}`
    /// `serviceAccount:{emailid}`
    /// If not specified, a request may come from any user.
    pub members: std::vec::Vec<std::string::String>,

    /// The request must originate from one of the provided countries/regions.
    /// Must be valid ISO 3166-1 alpha-2 codes.
    pub regions: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Condition {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ip_subnetworks][crate::model::Condition::ip_subnetworks].
    pub fn set_ip_subnetworks<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.ip_subnetworks = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [device_policy][crate::model::Condition::device_policy].
    pub fn set_device_policy<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::DevicePolicy>,
    {
        self.device_policy = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [device_policy][crate::model::Condition::device_policy].
    pub fn set_or_clear_device_policy<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::DevicePolicy>,
    {
        self.device_policy = v.map(|x| x.into());
        self
    }

    /// Sets the value of [required_access_levels][crate::model::Condition::required_access_levels].
    pub fn set_required_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.required_access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [negate][crate::model::Condition::negate].
    pub fn set_negate<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.negate = v.into();
        self
    }

    /// Sets the value of [members][crate::model::Condition::members].
    pub fn set_members<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.members = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [regions][crate::model::Condition::regions].
    pub fn set_regions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.regions = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for Condition {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.Condition"
    }
}

/// `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
/// to represent the necessary conditions for the level to apply to a request.
/// See CEL spec at: <https://github.com/google/cel-spec>
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CustomLevel {
    /// Required. A Cloud CEL expression evaluating to a boolean.
    pub expr: std::option::Option<gtype::model::Expr>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CustomLevel {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [expr][crate::model::CustomLevel::expr].
    pub fn set_expr<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<gtype::model::Expr>,
    {
        self.expr = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [expr][crate::model::CustomLevel::expr].
    pub fn set_or_clear_expr<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<gtype::model::Expr>,
    {
        self.expr = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CustomLevel {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.CustomLevel"
    }
}

/// `DevicePolicy` specifies device specific restrictions necessary to acquire a
/// given access level. A `DevicePolicy` specifies requirements for requests from
/// devices to be granted access levels, it does not do any enforcement on the
/// device. `DevicePolicy` acts as an AND over all specified fields, and each
/// repeated field is an OR over its elements. Any unset fields are ignored. For
/// example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
/// DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
/// true for requests originating from encrypted Linux desktops and encrypted
/// Windows desktops.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DevicePolicy {
    /// Whether or not screenlock is required for the DevicePolicy to be true.
    /// Defaults to `false`.
    pub require_screenlock: bool,

    /// Allowed encryptions statuses, an empty list allows all statuses.
    pub allowed_encryption_statuses:
        std::vec::Vec<accesscontextmanager_type::model::DeviceEncryptionStatus>,

    /// Allowed OS versions, an empty list allows all types and all versions.
    pub os_constraints: std::vec::Vec<crate::model::OsConstraint>,

    /// Allowed device management levels, an empty list allows all management
    /// levels.
    pub allowed_device_management_levels:
        std::vec::Vec<accesscontextmanager_type::model::DeviceManagementLevel>,

    /// Whether the device needs to be approved by the customer admin.
    pub require_admin_approval: bool,

    /// Whether the device needs to be corp owned.
    pub require_corp_owned: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DevicePolicy {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [require_screenlock][crate::model::DevicePolicy::require_screenlock].
    pub fn set_require_screenlock<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.require_screenlock = v.into();
        self
    }

    /// Sets the value of [allowed_encryption_statuses][crate::model::DevicePolicy::allowed_encryption_statuses].
    pub fn set_allowed_encryption_statuses<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<accesscontextmanager_type::model::DeviceEncryptionStatus>,
    {
        use std::iter::Iterator;
        self.allowed_encryption_statuses = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [os_constraints][crate::model::DevicePolicy::os_constraints].
    pub fn set_os_constraints<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::OsConstraint>,
    {
        use std::iter::Iterator;
        self.os_constraints = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [allowed_device_management_levels][crate::model::DevicePolicy::allowed_device_management_levels].
    pub fn set_allowed_device_management_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<accesscontextmanager_type::model::DeviceManagementLevel>,
    {
        use std::iter::Iterator;
        self.allowed_device_management_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [require_admin_approval][crate::model::DevicePolicy::require_admin_approval].
    pub fn set_require_admin_approval<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.require_admin_approval = v.into();
        self
    }

    /// Sets the value of [require_corp_owned][crate::model::DevicePolicy::require_corp_owned].
    pub fn set_require_corp_owned<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.require_corp_owned = v.into();
        self
    }
}

impl wkt::message::Message for DevicePolicy {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.DevicePolicy"
    }
}

/// A restriction on the OS type and version of devices making requests.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct OsConstraint {
    /// Required. The allowed OS type.
    pub os_type: accesscontextmanager_type::model::OsType,

    /// The minimum allowed OS version. If not set, any version of this OS
    /// satisfies the constraint. Format: `"major.minor.patch"`.
    /// Examples: `"10.5.301"`, `"9.2.1"`.
    pub minimum_version: std::string::String,

    /// Only allows requests from devices with a verified Chrome OS.
    /// Verifications includes requirements that the device is enterprise-managed,
    /// conformant to domain policies, and the caller has permission to call
    /// the API targeted by the request.
    pub require_verified_chrome_os: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl OsConstraint {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [os_type][crate::model::OsConstraint::os_type].
    pub fn set_os_type<T: std::convert::Into<accesscontextmanager_type::model::OsType>>(
        mut self,
        v: T,
    ) -> Self {
        self.os_type = v.into();
        self
    }

    /// Sets the value of [minimum_version][crate::model::OsConstraint::minimum_version].
    pub fn set_minimum_version<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.minimum_version = v.into();
        self
    }

    /// Sets the value of [require_verified_chrome_os][crate::model::OsConstraint::require_verified_chrome_os].
    pub fn set_require_verified_chrome_os<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.require_verified_chrome_os = v.into();
        self
    }
}

impl wkt::message::Message for OsConstraint {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.OsConstraint"
    }
}

/// `AccessPolicy` is a container for `AccessLevels` (which define the necessary
/// attributes to use Google Cloud services) and `ServicePerimeters` (which
/// define regions of services able to freely pass data within a perimeter). An
/// access policy is globally visible within an organization, and the
/// restrictions it specifies apply to all projects within an organization.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AccessPolicy {
    /// Output only. Resource name of the `AccessPolicy`. Format:
    /// `accessPolicies/{access_policy}`
    pub name: std::string::String,

    /// Required. The parent of this `AccessPolicy` in the Cloud Resource
    /// Hierarchy. Currently immutable once created. Format:
    /// `organizations/{organization_id}`
    pub parent: std::string::String,

    /// Required. Human readable title. Does not affect behavior.
    pub title: std::string::String,

    /// The scopes of a policy define which resources an ACM policy can restrict,
    /// and where ACM resources can be referenced.
    /// For example, a policy with scopes=["folders/123"] has the following
    /// behavior:
    ///
    /// - vpcsc perimeters can only restrict projects within folders/123
    /// - access levels can only be referenced by resources within folders/123.
    ///   If empty, there are no limitations on which resources can be restricted by
    ///   an ACM policy, and there are no limitations on where ACM resources can be
    ///   referenced.
    ///   Only one policy can include a given scope (attempting to create a second
    ///   policy which includes "folders/123" will result in an error).
    ///   Currently, scopes cannot be modified after a policy is created.
    ///   Currently, policies can only have a single scope.
    ///   Format: list of `folders/{folder_number}` or `projects/{project_number}`
    pub scopes: std::vec::Vec<std::string::String>,

    /// Output only. Time the `AccessPolicy` was created in UTC.
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. Time the `AccessPolicy` was updated in UTC.
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Output only. An opaque identifier for the current version of the
    /// `AccessPolicy`. This will always be a strongly validated etag, meaning that
    /// two Access Polices will be identical if and only if their etags are
    /// identical. Clients should not expect this to be in any specific format.
    pub etag: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AccessPolicy {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::AccessPolicy::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [parent][crate::model::AccessPolicy::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [title][crate::model::AccessPolicy::title].
    pub fn set_title<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.title = v.into();
        self
    }

    /// Sets the value of [scopes][crate::model::AccessPolicy::scopes].
    pub fn set_scopes<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.scopes = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [create_time][crate::model::AccessPolicy::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::AccessPolicy::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::AccessPolicy::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::AccessPolicy::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [etag][crate::model::AccessPolicy::etag].
    pub fn set_etag<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.etag = v.into();
        self
    }
}

impl wkt::message::Message for AccessPolicy {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.AccessPolicy"
    }
}

/// Restricts access to Cloud Console and Google Cloud APIs for a set of users
/// using Context-Aware Access.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GcpUserAccessBinding {
    /// Immutable. Assigned by the server during creation. The last segment has an arbitrary
    /// length and has only URI unreserved characters (as defined by
    /// [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)).
    /// Should not be specified by the client during creation.
    /// Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
    pub name: std::string::String,

    /// Required. Immutable. Google Group id whose members are subject to this binding's restrictions.
    /// See "id" in the [G Suite Directory API's Groups resource]
    /// (<https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource>).
    /// If a group's email address/alias is changed, this resource will continue
    /// to point at the changed group. This field does not accept group email
    /// addresses or aliases.
    /// Example: "01d520gv4vjcrht"
    pub group_key: std::string::String,

    /// Required. Access level that a user must have to be granted access. Only one access
    /// level is supported, not multiple. This repeated field must have exactly
    /// one element.
    /// Example: "accessPolicies/9522/accessLevels/device_trusted"
    pub access_levels: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GcpUserAccessBinding {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GcpUserAccessBinding::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [group_key][crate::model::GcpUserAccessBinding::group_key].
    pub fn set_group_key<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.group_key = v.into();
        self
    }

    /// Sets the value of [access_levels][crate::model::GcpUserAccessBinding::access_levels].
    pub fn set_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for GcpUserAccessBinding {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.GcpUserAccessBinding"
    }
}

/// `ServicePerimeter` describes a set of Google Cloud resources which can freely
/// import and export data amongst themselves, but not export outside of the
/// `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
/// has a target outside of the `ServicePerimeter`, the request will be blocked.
/// Otherwise the request is allowed. There are two types of Service Perimeter -
/// Regular and Bridge. Regular Service Perimeters cannot overlap, a single
/// Google Cloud project can only belong to a single regular Service Perimeter.
/// Service Perimeter Bridges can contain only Google Cloud projects as members,
/// a single Google Cloud project may belong to multiple Service Perimeter
/// Bridges.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ServicePerimeter {
    /// Required. Resource name for the ServicePerimeter.  The `short_name`
    /// component must begin with a letter and only include alphanumeric and '_'.
    /// Format:
    /// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
    pub name: std::string::String,

    /// Human readable title. Must be unique within the Policy.
    pub title: std::string::String,

    /// Description of the `ServicePerimeter` and its use. Does not affect
    /// behavior.
    pub description: std::string::String,

    /// Output only. Time the `ServicePerimeter` was created in UTC.
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. Time the `ServicePerimeter` was updated in UTC.
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Perimeter type indicator. A single project is
    /// allowed to be a member of single regular perimeter, but multiple service
    /// perimeter bridges. A project cannot be a included in a perimeter bridge
    /// without being included in regular perimeter. For perimeter bridges,
    /// the restricted service list as well as access level lists must be
    /// empty.
    pub perimeter_type: crate::model::service_perimeter::PerimeterType,

    /// Current ServicePerimeter configuration. Specifies sets of resources,
    /// restricted services and access levels that determine perimeter
    /// content and boundaries.
    pub status: std::option::Option<crate::model::ServicePerimeterConfig>,

    /// Proposed (or dry run) ServicePerimeter configuration. This configuration
    /// allows to specify and test ServicePerimeter configuration without enforcing
    /// actual access restrictions. Only allowed to be set when the
    /// "use_explicit_dry_run_spec" flag is set.
    pub spec: std::option::Option<crate::model::ServicePerimeterConfig>,

    /// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
    /// exists  for all Service Perimeters, and that spec is identical to the
    /// status for those Service Perimeters. When this flag is set, it inhibits the
    /// generation of the implicit spec, thereby allowing the user to explicitly
    /// provide a configuration ("spec") to use in a dry-run version of the Service
    /// Perimeter. This allows the user to test changes to the enforced config
    /// ("status") without actually enforcing them. This testing is done through
    /// analyzing the differences between currently enforced and suggested
    /// restrictions. use_explicit_dry_run_spec must bet set to True if any of the
    /// fields in the spec are set to non-default values.
    pub use_explicit_dry_run_spec: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ServicePerimeter {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::ServicePerimeter::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [title][crate::model::ServicePerimeter::title].
    pub fn set_title<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.title = v.into();
        self
    }

    /// Sets the value of [description][crate::model::ServicePerimeter::description].
    pub fn set_description<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.description = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::ServicePerimeter::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::ServicePerimeter::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::ServicePerimeter::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::ServicePerimeter::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [perimeter_type][crate::model::ServicePerimeter::perimeter_type].
    pub fn set_perimeter_type<
        T: std::convert::Into<crate::model::service_perimeter::PerimeterType>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.perimeter_type = v.into();
        self
    }

    /// Sets the value of [status][crate::model::ServicePerimeter::status].
    pub fn set_status<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeterConfig>,
    {
        self.status = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [status][crate::model::ServicePerimeter::status].
    pub fn set_or_clear_status<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeterConfig>,
    {
        self.status = v.map(|x| x.into());
        self
    }

    /// Sets the value of [spec][crate::model::ServicePerimeter::spec].
    pub fn set_spec<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeterConfig>,
    {
        self.spec = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [spec][crate::model::ServicePerimeter::spec].
    pub fn set_or_clear_spec<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ServicePerimeterConfig>,
    {
        self.spec = v.map(|x| x.into());
        self
    }

    /// Sets the value of [use_explicit_dry_run_spec][crate::model::ServicePerimeter::use_explicit_dry_run_spec].
    pub fn set_use_explicit_dry_run_spec<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.use_explicit_dry_run_spec = v.into();
        self
    }
}

impl wkt::message::Message for ServicePerimeter {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeter"
    }
}

/// Defines additional types related to [ServicePerimeter].
pub mod service_perimeter {
    #[allow(unused_imports)]
    use super::*;

    /// Specifies the type of the Perimeter. There are two types: regular and
    /// bridge. Regular Service Perimeter contains resources, access levels, and
    /// restricted services. Every resource can be in at most ONE
    /// regular Service Perimeter.
    ///
    /// In addition to being in a regular service perimeter, a resource can also
    /// be in zero or more perimeter bridges.  A perimeter bridge only contains
    /// resources.  Cross project operations are permitted if all effected
    /// resources share some perimeter (whether bridge or regular). Perimeter
    /// Bridge does not contain access levels or services: those are governed
    /// entirely by the regular perimeter that resource is in.
    ///
    /// Perimeter Bridges are typically useful when building more complex toplogies
    /// with many independent perimeters that need to share some data with a common
    /// perimeter, but should not be able to share data among themselves.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum PerimeterType {
        /// Regular Perimeter.
        Regular,
        /// Perimeter Bridge.
        Bridge,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [PerimeterType::value] or
        /// [PerimeterType::name].
        UnknownValue(perimeter_type::UnknownValue),
    }

    #[doc(hidden)]
    pub mod perimeter_type {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl PerimeterType {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Regular => std::option::Option::Some(0),
                Self::Bridge => std::option::Option::Some(1),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Regular => std::option::Option::Some("PERIMETER_TYPE_REGULAR"),
                Self::Bridge => std::option::Option::Some("PERIMETER_TYPE_BRIDGE"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for PerimeterType {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for PerimeterType {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for PerimeterType {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Regular,
                1 => Self::Bridge,
                _ => Self::UnknownValue(perimeter_type::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for PerimeterType {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "PERIMETER_TYPE_REGULAR" => Self::Regular,
                "PERIMETER_TYPE_BRIDGE" => Self::Bridge,
                _ => Self::UnknownValue(perimeter_type::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for PerimeterType {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Regular => serializer.serialize_i32(0),
                Self::Bridge => serializer.serialize_i32(1),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for PerimeterType {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<PerimeterType>::new(
                ".google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType",
            ))
        }
    }
}

/// `ServicePerimeterConfig` specifies a set of Google Cloud resources that
/// describe specific Service Perimeter configuration.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ServicePerimeterConfig {
    /// A list of Google Cloud resources that are inside of the service perimeter.
    /// Currently only projects are allowed. Format: `projects/{project_number}`
    pub resources: std::vec::Vec<std::string::String>,

    /// A list of `AccessLevel` resource names that allow resources within the
    /// `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
    /// must be in the same policy as this `ServicePerimeter`. Referencing a
    /// nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
    /// listed, resources within the perimeter can only be accessed via Google
    /// Cloud calls with request origins within the perimeter. Example:
    /// `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
    /// For Service Perimeter Bridge, must be empty.
    pub access_levels: std::vec::Vec<std::string::String>,

    /// Google Cloud services that are subject to the Service Perimeter
    /// restrictions. For example, if `storage.googleapis.com` is specified, access
    /// to the storage buckets inside the perimeter must meet the perimeter's
    /// access restrictions.
    pub restricted_services: std::vec::Vec<std::string::String>,

    /// Configuration for APIs allowed within Perimeter.
    pub vpc_accessible_services:
        std::option::Option<crate::model::service_perimeter_config::VpcAccessibleServices>,

    /// List of [IngressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
    /// each of which is evaluated separately. Access is granted if any [Ingress
    /// Policy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// grants it. Must be empty for a perimeter bridge.
    pub ingress_policies: std::vec::Vec<crate::model::service_perimeter_config::IngressPolicy>,

    /// List of [EgressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
    /// each of which is evaluated separately. Access is granted if any
    /// [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// grants it. Must be empty for a perimeter bridge.
    pub egress_policies: std::vec::Vec<crate::model::service_perimeter_config::EgressPolicy>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ServicePerimeterConfig {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [resources][crate::model::ServicePerimeterConfig::resources].
    pub fn set_resources<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.resources = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [access_levels][crate::model::ServicePerimeterConfig::access_levels].
    pub fn set_access_levels<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.access_levels = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [restricted_services][crate::model::ServicePerimeterConfig::restricted_services].
    pub fn set_restricted_services<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.restricted_services = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [vpc_accessible_services][crate::model::ServicePerimeterConfig::vpc_accessible_services].
    pub fn set_vpc_accessible_services<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::service_perimeter_config::VpcAccessibleServices>,
    {
        self.vpc_accessible_services = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [vpc_accessible_services][crate::model::ServicePerimeterConfig::vpc_accessible_services].
    pub fn set_or_clear_vpc_accessible_services<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::service_perimeter_config::VpcAccessibleServices>,
    {
        self.vpc_accessible_services = v.map(|x| x.into());
        self
    }

    /// Sets the value of [ingress_policies][crate::model::ServicePerimeterConfig::ingress_policies].
    pub fn set_ingress_policies<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::service_perimeter_config::IngressPolicy>,
    {
        use std::iter::Iterator;
        self.ingress_policies = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [egress_policies][crate::model::ServicePerimeterConfig::egress_policies].
    pub fn set_egress_policies<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::service_perimeter_config::EgressPolicy>,
    {
        use std::iter::Iterator;
        self.egress_policies = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ServicePerimeterConfig {
    fn typename() -> &'static str {
        "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig"
    }
}

/// Defines additional types related to [ServicePerimeterConfig].
pub mod service_perimeter_config {
    #[allow(unused_imports)]
    use super::*;

    /// Specifies how APIs are allowed to communicate within the Service
    /// Perimeter.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct VpcAccessibleServices {
        /// Whether to restrict API calls within the Service Perimeter to the list of
        /// APIs specified in 'allowed_services'.
        pub enable_restriction: bool,

        /// The list of APIs usable within the Service Perimeter. Must be empty
        /// unless 'enable_restriction' is True. You can specify a list of individual
        /// services, as well as include the 'RESTRICTED-SERVICES' value, which
        /// automatically includes all of the services protected by the perimeter.
        pub allowed_services: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl VpcAccessibleServices {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [enable_restriction][crate::model::service_perimeter_config::VpcAccessibleServices::enable_restriction].
        pub fn set_enable_restriction<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.enable_restriction = v.into();
            self
        }

        /// Sets the value of [allowed_services][crate::model::service_perimeter_config::VpcAccessibleServices::allowed_services].
        pub fn set_allowed_services<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.allowed_services = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for VpcAccessibleServices {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices"
        }
    }

    /// An allowed method or permission of a service specified in [ApiOperation]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct MethodSelector {
        /// The API method name or Cloud IAM permission name to allow.
        pub kind:
            std::option::Option<crate::model::service_perimeter_config::method_selector::Kind>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl MethodSelector {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [kind][crate::model::service_perimeter_config::MethodSelector::kind].
        ///
        /// Note that all the setters affecting `kind` are mutually
        /// exclusive.
        pub fn set_kind<
            T: std::convert::Into<
                    std::option::Option<
                        crate::model::service_perimeter_config::method_selector::Kind,
                    >,
                >,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.kind = v.into();
            self
        }

        /// The value of [kind][crate::model::service_perimeter_config::MethodSelector::kind]
        /// if it holds a `Method`, `None` if the field is not set or
        /// holds a different branch.
        pub fn method(&self) -> std::option::Option<&std::string::String> {
            #[allow(unreachable_patterns)]
            self.kind.as_ref().and_then(|v| match v {
                crate::model::service_perimeter_config::method_selector::Kind::Method(v) => {
                    std::option::Option::Some(v)
                }
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [kind][crate::model::service_perimeter_config::MethodSelector::kind]
        /// to hold a `Method`.
        ///
        /// Note that all the setters affecting `kind` are
        /// mutually exclusive.
        pub fn set_method<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.kind = std::option::Option::Some(
                crate::model::service_perimeter_config::method_selector::Kind::Method(v.into()),
            );
            self
        }

        /// The value of [kind][crate::model::service_perimeter_config::MethodSelector::kind]
        /// if it holds a `Permission`, `None` if the field is not set or
        /// holds a different branch.
        pub fn permission(&self) -> std::option::Option<&std::string::String> {
            #[allow(unreachable_patterns)]
            self.kind.as_ref().and_then(|v| match v {
                crate::model::service_perimeter_config::method_selector::Kind::Permission(v) => {
                    std::option::Option::Some(v)
                }
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [kind][crate::model::service_perimeter_config::MethodSelector::kind]
        /// to hold a `Permission`.
        ///
        /// Note that all the setters affecting `kind` are
        /// mutually exclusive.
        pub fn set_permission<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.kind = std::option::Option::Some(
                crate::model::service_perimeter_config::method_selector::Kind::Permission(v.into()),
            );
            self
        }
    }

    impl wkt::message::Message for MethodSelector {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector"
        }
    }

    /// Defines additional types related to [MethodSelector].
    pub mod method_selector {
        #[allow(unused_imports)]
        use super::*;

        /// The API method name or Cloud IAM permission name to allow.
        #[derive(Clone, Debug, PartialEq)]
        #[non_exhaustive]
        pub enum Kind {
            /// Value for `method` should be a valid method name for the corresponding
            /// `service_name` in [ApiOperation]
            /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
            /// If `*` used as value for `method`, then ALL methods and permissions are
            /// allowed.
            Method(std::string::String),
            /// Value for `permission` should be a valid Cloud IAM permission for the
            /// corresponding `service_name` in [ApiOperation]
            /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
            Permission(std::string::String),
        }
    }

    /// Identification for an API Operation.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct ApiOperation {
        /// The name of the API whose methods or permissions the [IngressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
        /// or [EgressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
        /// want to allow. A single [ApiOperation]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
        /// with `service_name` field set to `*` will allow all methods AND
        /// permissions for all services.
        pub service_name: std::string::String,

        /// API methods or permissions to allow. Method or permission must belong to
        /// the service specified by `service_name` field. A single [MethodSelector]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector]
        /// entry with `*` specified for the `method` field will allow all methods
        /// AND permissions for the service specified in `service_name`.
        pub method_selectors: std::vec::Vec<crate::model::service_perimeter_config::MethodSelector>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl ApiOperation {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [service_name][crate::model::service_perimeter_config::ApiOperation::service_name].
        pub fn set_service_name<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.service_name = v.into();
            self
        }

        /// Sets the value of [method_selectors][crate::model::service_perimeter_config::ApiOperation::method_selectors].
        pub fn set_method_selectors<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::service_perimeter_config::MethodSelector>,
        {
            use std::iter::Iterator;
            self.method_selectors = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for ApiOperation {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
        }
    }

    /// The source that [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// authorizes access from.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct IngressSource {
        /// Allowed ingress source. It can be one of [AccessLevel]
        /// [google.identity.accesscontextmanager.v1.AccessLevel] or Google
        /// Cloud resource.
        pub source:
            std::option::Option<crate::model::service_perimeter_config::ingress_source::Source>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl IngressSource {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [source][crate::model::service_perimeter_config::IngressSource::source].
        ///
        /// Note that all the setters affecting `source` are mutually
        /// exclusive.
        pub fn set_source<
            T: std::convert::Into<
                    std::option::Option<
                        crate::model::service_perimeter_config::ingress_source::Source,
                    >,
                >,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.source = v.into();
            self
        }

        /// The value of [source][crate::model::service_perimeter_config::IngressSource::source]
        /// if it holds a `AccessLevel`, `None` if the field is not set or
        /// holds a different branch.
        pub fn access_level(&self) -> std::option::Option<&std::string::String> {
            #[allow(unreachable_patterns)]
            self.source.as_ref().and_then(|v| match v {
                crate::model::service_perimeter_config::ingress_source::Source::AccessLevel(v) => {
                    std::option::Option::Some(v)
                }
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [source][crate::model::service_perimeter_config::IngressSource::source]
        /// to hold a `AccessLevel`.
        ///
        /// Note that all the setters affecting `source` are
        /// mutually exclusive.
        pub fn set_access_level<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.source = std::option::Option::Some(
                crate::model::service_perimeter_config::ingress_source::Source::AccessLevel(
                    v.into(),
                ),
            );
            self
        }

        /// The value of [source][crate::model::service_perimeter_config::IngressSource::source]
        /// if it holds a `Resource`, `None` if the field is not set or
        /// holds a different branch.
        pub fn resource(&self) -> std::option::Option<&std::string::String> {
            #[allow(unreachable_patterns)]
            self.source.as_ref().and_then(|v| match v {
                crate::model::service_perimeter_config::ingress_source::Source::Resource(v) => {
                    std::option::Option::Some(v)
                }
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [source][crate::model::service_perimeter_config::IngressSource::source]
        /// to hold a `Resource`.
        ///
        /// Note that all the setters affecting `source` are
        /// mutually exclusive.
        pub fn set_resource<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.source = std::option::Option::Some(
                crate::model::service_perimeter_config::ingress_source::Source::Resource(v.into()),
            );
            self
        }
    }

    impl wkt::message::Message for IngressSource {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource"
        }
    }

    /// Defines additional types related to [IngressSource].
    pub mod ingress_source {
        #[allow(unused_imports)]
        use super::*;

        /// Allowed ingress source. It can be one of [AccessLevel]
        /// [google.identity.accesscontextmanager.v1.AccessLevel] or Google
        /// Cloud resource.
        #[derive(Clone, Debug, PartialEq)]
        #[non_exhaustive]
        pub enum Source {
            /// An [AccessLevel]
            /// [google.identity.accesscontextmanager.v1.AccessLevel] resource
            /// name that allow resources within the [ServicePerimeters]
            /// [google.identity.accesscontextmanager.v1.ServicePerimeter] to be
            /// accessed from the internet. [AccessLevels]
            /// [google.identity.accesscontextmanager.v1.AccessLevel] listed must
            /// be in the same policy as this [ServicePerimeter]
            /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
            /// Referencing a nonexistent [AccessLevel]
            /// [google.identity.accesscontextmanager.v1.AccessLevel] will cause
            /// an error. If no [AccessLevel]
            /// [google.identity.accesscontextmanager.v1.AccessLevel] names are
            /// listed, resources within the perimeter can only be accessed via Google
            /// Cloud calls with request origins within the perimeter. Example:
            /// `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
            /// specified for `access_level`, then all [IngressSources]
            /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource]
            /// will be allowed.
            AccessLevel(std::string::String),
            /// A Google Cloud resource that is allowed to ingress the perimeter.
            /// Requests from these resources will be allowed to access perimeter data.
            /// Currently only projects are allowed.
            /// Format: `projects/{project_number}`
            /// The project may be in any Google Cloud organization, not just the
            /// organization that the perimeter is defined in. `*` is not allowed, the
            /// case of allowing all Google Cloud resources only is not supported.
            Resource(std::string::String),
        }
    }

    /// Defines the conditions under which an [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// matches a request. Conditions are based on information about the source of
    /// the request. The request must satisfy what is defined in `sources` AND
    /// identity related fields in order to match.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct IngressFrom {
        /// Sources that this [IngressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
        /// authorizes access from.
        pub sources: std::vec::Vec<crate::model::service_perimeter_config::IngressSource>,

        /// A list of identities that are allowed access through this ingress
        /// policy. Should be in the format of email address. The email address
        /// should represent individual user or service account only.
        pub identities: std::vec::Vec<std::string::String>,

        /// Specifies the type of identities that are allowed access from outside the
        /// perimeter. If left unspecified, then members of `identities` field will
        /// be allowed access.
        pub identity_type: crate::model::service_perimeter_config::IdentityType,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl IngressFrom {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [sources][crate::model::service_perimeter_config::IngressFrom::sources].
        pub fn set_sources<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::service_perimeter_config::IngressSource>,
        {
            use std::iter::Iterator;
            self.sources = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [identities][crate::model::service_perimeter_config::IngressFrom::identities].
        pub fn set_identities<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.identities = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [identity_type][crate::model::service_perimeter_config::IngressFrom::identity_type].
        pub fn set_identity_type<
            T: std::convert::Into<crate::model::service_perimeter_config::IdentityType>,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.identity_type = v.into();
            self
        }
    }

    impl wkt::message::Message for IngressFrom {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom"
        }
    }

    /// Defines the conditions under which an [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// matches a request. Conditions are based on information about the
    /// [ApiOperation]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
    /// intended to be performed on the target resource of the request. The request
    /// must satisfy what is defined in `operations` AND `resources` in order to
    /// match.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct IngressTo {
        /// A list of [ApiOperations]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
        /// allowed to be performed by the sources specified in corresponding
        /// [IngressFrom]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
        /// in this [ServicePerimeter]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
        pub operations: std::vec::Vec<crate::model::service_perimeter_config::ApiOperation>,

        /// A list of resources, currently only projects in the form
        /// `projects/<projectnumber>`, protected by this [ServicePerimeter]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeter] that are
        /// allowed to be accessed by sources defined in the corresponding
        /// [IngressFrom]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom].
        /// If a single `*` is specified, then access to all resources inside the
        /// perimeter are allowed.
        pub resources: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl IngressTo {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [operations][crate::model::service_perimeter_config::IngressTo::operations].
        pub fn set_operations<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::service_perimeter_config::ApiOperation>,
        {
            use std::iter::Iterator;
            self.operations = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [resources][crate::model::service_perimeter_config::IngressTo::resources].
        pub fn set_resources<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.resources = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for IngressTo {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo"
        }
    }

    /// Policy for ingress into [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter].
    ///
    /// [IngressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// match requests based on `ingress_from` and `ingress_to` stanzas.  For an
    /// ingress policy to match, both the `ingress_from` and `ingress_to` stanzas
    /// must be matched. If an [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// matches a request, the request is allowed through the perimeter boundary
    /// from outside the perimeter.
    ///
    /// For example, access from the internet can be allowed either
    /// based on an [AccessLevel]
    /// [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic
    /// hosted on Google Cloud, the project of the source network. For access from
    /// private networks, using the project of the hosting network is required.
    ///
    /// Individual ingress policies can be limited by restricting which
    /// services and/or actions they match using the `ingress_to` field.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct IngressPolicy {
        /// Defines the conditions on the source of a request causing this
        /// [IngressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
        /// to apply.
        pub ingress_from: std::option::Option<crate::model::service_perimeter_config::IngressFrom>,

        /// Defines the conditions on the [ApiOperation]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
        /// and request destination that cause this [IngressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
        /// to apply.
        pub ingress_to: std::option::Option<crate::model::service_perimeter_config::IngressTo>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl IngressPolicy {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [ingress_from][crate::model::service_perimeter_config::IngressPolicy::ingress_from].
        pub fn set_ingress_from<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::IngressFrom>,
        {
            self.ingress_from = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [ingress_from][crate::model::service_perimeter_config::IngressPolicy::ingress_from].
        pub fn set_or_clear_ingress_from<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::IngressFrom>,
        {
            self.ingress_from = v.map(|x| x.into());
            self
        }

        /// Sets the value of [ingress_to][crate::model::service_perimeter_config::IngressPolicy::ingress_to].
        pub fn set_ingress_to<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::IngressTo>,
        {
            self.ingress_to = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [ingress_to][crate::model::service_perimeter_config::IngressPolicy::ingress_to].
        pub fn set_or_clear_ingress_to<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::IngressTo>,
        {
            self.ingress_to = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for IngressPolicy {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy"
        }
    }

    /// Defines the conditions under which an [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// matches a request. Conditions based on information about the source of the
    /// request. Note that if the destination of the request is also protected by a
    /// [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
    /// [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
    /// an [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// which allows access in order for this request to succeed.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct EgressFrom {
        /// A list of identities that are allowed access through this [EgressPolicy].
        /// Should be in the format of email address. The email address should
        /// represent individual user or service account only.
        pub identities: std::vec::Vec<std::string::String>,

        /// Specifies the type of identities that are allowed access to outside the
        /// perimeter. If left unspecified, then members of `identities` field will
        /// be allowed access.
        pub identity_type: crate::model::service_perimeter_config::IdentityType,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl EgressFrom {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [identities][crate::model::service_perimeter_config::EgressFrom::identities].
        pub fn set_identities<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.identities = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [identity_type][crate::model::service_perimeter_config::EgressFrom::identity_type].
        pub fn set_identity_type<
            T: std::convert::Into<crate::model::service_perimeter_config::IdentityType>,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.identity_type = v.into();
            self
        }
    }

    impl wkt::message::Message for EgressFrom {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
        }
    }

    /// Defines the conditions under which an [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// matches a request. Conditions are based on information about the
    /// [ApiOperation]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
    /// intended to be performed on the `resources` specified. Note that if the
    /// destination of the request is also protected by a [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
    /// [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
    /// an [IngressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
    /// which allows access in order for this request to succeed. The request must
    /// match `operations` AND `resources` fields in order to be allowed egress out
    /// of the perimeter.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct EgressTo {
        /// A list of resources, currently only projects in the form
        /// `projects/<projectnumber>`, that are allowed to be accessed by sources
        /// defined in the corresponding [EgressFrom]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
        /// A request matches if it contains a resource in this list.  If `*` is
        /// specified for `resources`, then this [EgressTo]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
        /// rule will authorize access to all resources outside the perimeter.
        pub resources: std::vec::Vec<std::string::String>,

        /// A list of [ApiOperations]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
        /// allowed to be performed by the sources specified in the corresponding
        /// [EgressFrom]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
        /// A request matches if it uses an operation/service in this list.
        pub operations: std::vec::Vec<crate::model::service_perimeter_config::ApiOperation>,

        /// A list of external resources that are allowed to be accessed. Only AWS
        /// and Azure resources are supported. For Amazon S3, the supported format is
        /// s3://BUCKET_NAME. For Azure Storage, the supported format is
        /// azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
        /// if it contains an external resource in this list (Example:
        /// s3://bucket/path). Currently '*' is not allowed.
        pub external_resources: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl EgressTo {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [resources][crate::model::service_perimeter_config::EgressTo::resources].
        pub fn set_resources<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.resources = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [operations][crate::model::service_perimeter_config::EgressTo::operations].
        pub fn set_operations<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::service_perimeter_config::ApiOperation>,
        {
            use std::iter::Iterator;
            self.operations = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [external_resources][crate::model::service_perimeter_config::EgressTo::external_resources].
        pub fn set_external_resources<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.external_resources = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for EgressTo {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
        }
    }

    /// Policy for egress from perimeter.
    ///
    /// [EgressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// match requests based on `egress_from` and `egress_to` stanzas.  For an
    /// [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// to match, both `egress_from` and `egress_to` stanzas must be matched. If an
    /// [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// matches a request, the request is allowed to span the [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
    /// For example, an [EgressPolicy]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// can be used to allow VMs on networks within the [ServicePerimeter]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
    /// defined set of projects outside the perimeter in certain contexts (e.g. to
    /// read data from a Cloud Storage bucket or query against a BigQuery dataset).
    ///
    /// [EgressPolicies]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
    /// are concerned with the *resources* that a request relates as well as the
    /// API services and API actions being used.  They do not related to the
    /// direction of data movement.  More detailed documentation for this concept
    /// can be found in the descriptions of [EgressFrom]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
    /// and [EgressTo]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct EgressPolicy {
        /// Defines conditions on the source of a request causing this [EgressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
        /// to apply.
        pub egress_from: std::option::Option<crate::model::service_perimeter_config::EgressFrom>,

        /// Defines the conditions on the [ApiOperation]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
        /// and destination resources that cause this [EgressPolicy]
        /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
        /// to apply.
        pub egress_to: std::option::Option<crate::model::service_perimeter_config::EgressTo>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl EgressPolicy {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [egress_from][crate::model::service_perimeter_config::EgressPolicy::egress_from].
        pub fn set_egress_from<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::EgressFrom>,
        {
            self.egress_from = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [egress_from][crate::model::service_perimeter_config::EgressPolicy::egress_from].
        pub fn set_or_clear_egress_from<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::EgressFrom>,
        {
            self.egress_from = v.map(|x| x.into());
            self
        }

        /// Sets the value of [egress_to][crate::model::service_perimeter_config::EgressPolicy::egress_to].
        pub fn set_egress_to<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::EgressTo>,
        {
            self.egress_to = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [egress_to][crate::model::service_perimeter_config::EgressPolicy::egress_to].
        pub fn set_or_clear_egress_to<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::service_perimeter_config::EgressTo>,
        {
            self.egress_to = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for EgressPolicy {
        fn typename() -> &'static str {
            "type.googleapis.com/google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy"
        }
    }

    /// Specifies the types of identities that are allowed access in either
    /// [IngressFrom]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
    /// or [EgressFrom]
    /// [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
    /// rules.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum IdentityType {
        /// No blanket identity group specified.
        Unspecified,
        /// Authorize access from all identities outside the perimeter.
        AnyIdentity,
        /// Authorize access from all human users outside the perimeter.
        AnyUserAccount,
        /// Authorize access from all service accounts outside the perimeter.
        AnyServiceAccount,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [IdentityType::value] or
        /// [IdentityType::name].
        UnknownValue(identity_type::UnknownValue),
    }

    #[doc(hidden)]
    pub mod identity_type {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl IdentityType {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::AnyIdentity => std::option::Option::Some(1),
                Self::AnyUserAccount => std::option::Option::Some(2),
                Self::AnyServiceAccount => std::option::Option::Some(3),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("IDENTITY_TYPE_UNSPECIFIED"),
                Self::AnyIdentity => std::option::Option::Some("ANY_IDENTITY"),
                Self::AnyUserAccount => std::option::Option::Some("ANY_USER_ACCOUNT"),
                Self::AnyServiceAccount => std::option::Option::Some("ANY_SERVICE_ACCOUNT"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for IdentityType {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for IdentityType {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for IdentityType {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::AnyIdentity,
                2 => Self::AnyUserAccount,
                3 => Self::AnyServiceAccount,
                _ => Self::UnknownValue(identity_type::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for IdentityType {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "IDENTITY_TYPE_UNSPECIFIED" => Self::Unspecified,
                "ANY_IDENTITY" => Self::AnyIdentity,
                "ANY_USER_ACCOUNT" => Self::AnyUserAccount,
                "ANY_SERVICE_ACCOUNT" => Self::AnyServiceAccount,
                _ => Self::UnknownValue(identity_type::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for IdentityType {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::AnyIdentity => serializer.serialize_i32(1),
                Self::AnyUserAccount => serializer.serialize_i32(2),
                Self::AnyServiceAccount => serializer.serialize_i32(3),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for IdentityType {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<IdentityType>::new(
                ".google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType",
            ))
        }
    }
}

/// The format used in an `AccessLevel`.
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum LevelFormat {
    /// The format was not specified.
    Unspecified,
    /// Uses the format the resource was defined in. BasicLevels are returned as
    /// BasicLevels, CustomLevels are returned as CustomLevels.
    AsDefined,
    /// Use Cloud Common Expression Language when returning the resource.  Both
    /// BasicLevels and CustomLevels are returned as CustomLevels.
    Cel,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [LevelFormat::value] or
    /// [LevelFormat::name].
    UnknownValue(level_format::UnknownValue),
}

#[doc(hidden)]
pub mod level_format {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl LevelFormat {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::Unspecified => std::option::Option::Some(0),
            Self::AsDefined => std::option::Option::Some(1),
            Self::Cel => std::option::Option::Some(2),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::Unspecified => std::option::Option::Some("LEVEL_FORMAT_UNSPECIFIED"),
            Self::AsDefined => std::option::Option::Some("AS_DEFINED"),
            Self::Cel => std::option::Option::Some("CEL"),
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for LevelFormat {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for LevelFormat {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for LevelFormat {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::Unspecified,
            1 => Self::AsDefined,
            2 => Self::Cel,
            _ => Self::UnknownValue(level_format::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for LevelFormat {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "LEVEL_FORMAT_UNSPECIFIED" => Self::Unspecified,
            "AS_DEFINED" => Self::AsDefined,
            "CEL" => Self::Cel,
            _ => Self::UnknownValue(level_format::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for LevelFormat {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::Unspecified => serializer.serialize_i32(0),
            Self::AsDefined => serializer.serialize_i32(1),
            Self::Cel => serializer.serialize_i32(2),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for LevelFormat {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<LevelFormat>::new(
            ".google.identity.accesscontextmanager.v1.LevelFormat",
        ))
    }
}
